Merge pull request #27 from appirio-tech/feature/RS256-Auth0

New Auth Flow - Restricting SSO user to reset password.

Author: sachin-maheshwari

src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java

@@ -820,6 +820,11 @@ public ApiResponse changePassword(
           throw new APIRuntimeException(SC_UNAUTHORIZED, "Credentials are incorrect.");
       }
 
+      // SSO users can't reset their password.
+      List<UserProfile> ssoProfiles = userDao.getSSOProfiles(Utils.toLongValue(user.getId()));
+      if(ssoProfiles!=null && ssoProfiles.size()>0)
+          throw new APIRuntimeException(HttpURLConnection.HTTP_FORBIDDEN, MSG_TEMPLATE_NOT_ALLOWED_TO_RESET_PASSWORD);
+
       String error = user.validatePassoword();
       if (error != null) {
           throw new APIRuntimeException(SC_BAD_REQUEST, error);